Black Hat Briefings, USA 2007 [Audio]
Presentations from the security conference. Past speeches and talks from the Black Hat Briefings computer security conferences.

The Black Hat Briefings USA 2007 was held August 1-3 in Las Vegas at Caesars Palace. Two days, sixteen tracks, over 95 presentations. Three keynote speakers: Richard Clarke, Tony Sager and Bruce Schneier.
A post-convention wrap-up can be found at http://www.blackhat.com/html/bh-usa-07/bh-usa-07-index.html

Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and global corporations with the underground's most respected hackers. These forums take place regularly in Las Vegas, Washington D.C., Amsterdam, and Tokyo.

Video, audio and supporting materials from past conferences will be posted here, starting with the newest and working our way back to the oldest, with new content added as available! Past speeches and talks from Black Hat in an iPod-friendly .mp4 H.264 192k video format. If you want to get a better idea of the presentation materials, go to http://www.blackhat.com/html/bh-media-archives/bh-archives-2007.html and download them. Put up the PDFs in one window while watching the talks in the other. Almost as good as being there!

http://www.blackhat.com
(c)2007 Black Hat, Inc.
Feed published Tue, 11 Dec 2007 16:12:44 -0800 by Jeff Moss (jmoss@blackhat.com)
Gadi Evron: Estonia: Information Warfare and Strategic Lessons

In this talk we will discuss what is now referred to as "the 'first' Internet war", in which Estonia was under massive online attack for a period of three weeks following tensions with the local Russian population.

Following a riot in the streets of Tallinn, an online assault began, resulting in a large-scale coordination of the Estonian defenses on both the local and international levels. We will demonstrate what in hindsight worked for both the attackers and the defenders, as well as what failed.

Following the chronological events and technical information, we will explore what impact these attacks had on Estonia's civil infrastructure and daily life, and how they affected its economy during the attacks.

Once we cover that ground, we will evaluate what we have discussed so far and elaborate on lessons learned while Gadi was in Estonia and from the post-mortem he wrote for the Estonian CERT. We will conclude our session by identifying case studies on the strategic level which can be deduced from the incident and studied in preparation for future engagements in cyberspace.

Gadi Evron works for the McLean, VA based vulnerability assessment solution vendor Beyond Security as Security Evangelist and is the chief editor of the security portal SecuriTeam. He is a known leader in the world of Internet security operations, especially in the realm of botnets and phishing, and is the operations manager for the Zeroday Emergency Response Team (ZERT). He is a known expert on corporate security and espionage threats. Previously Gadi was the Israeli Government Internet Security Operations Manager (CISO) and the Israeli Government CERT Manager, which he founded.

Duration: 1:13:39
Speaker pages: http://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html

Jonathan Afek: Dangling Pointer

A dangling pointer is a well-known security flaw in many applications.

When a developer writes an application, he/she usually uses pointers to many data objects. In some scenarios, the developer may accidentally use a pointer to an invalid object. In such a case, the application will enter an unintended execution flow, which could lead to an application crash or other types of dangerous behavior.
Duration: 1:06:58

Pedram Amini & Aaron Portnoy: Fuzzing Sucks! (or Fuzz it Like you Mean it!)

Face it, fuzzing sucks. Even the most expensive commercial fuzzing suites leave much to be desired by way of automation. Perhaps the reason for this is that even the most rudimentary fuzzers are surprisingly effective. Nonetheless, if you are serious about fuzz testing as a scientific process, then you have no doubt been disappointed with the current state of affairs. Until now.

This talk is about Sulley: an open source, freely available, full-featured and extensible fuzzing framework being released at Black Hat USA 2007.

Modern-day fuzzers are, for the most part, solely focused on data generation. Sulley does this better, and more. Sulley watches the network and methodically maintains records. Sulley instruments and monitors the health of the target, and can revert it to a good state using multiple methods. Sulley detects, tracks and categorizes detected faults. Sulley can fuzz in parallel, significantly increasing test speed. Sulley can automatically determine what unique sequence of test cases triggers faults. Sulley does all this, and more, automatically and without attendance.

Duration: 1:13:03

Brandon Baker: Kick Ass Hypervisoring: Windows Server Virtualization

Virtualization is changing how operating systems function and how enterprises manage data centers. Windows Server Virtualization, a component of Windows Server 2008, will introduce new virtualization capabilities to the Windows operating system. This talk will focus on the security model of the system, with emphasis on design choices and deployment considerations.
Aspects of virtualization security related to hardware functions will also be explored.

Duration: 59:03

Andrea Barisani & Daniele Bianco: Injecting RDS-TMC Traffic Information Signals a.k.a. How to freak out your Satellite Navigation

RDS-TMC is a standard based on RDS (Radio Data System) for communicating traffic information for satellite navigation systems over FM radio.

All modern in-car satellite navigation systems sold in Europe use RDS-TMC to receive broadcasts containing up-to-date information about traffic conditions such as queues and accidents, and provide detours in case they affect the plotted course. The system is increasingly being used around Europe and North America.

The audience will be introduced to RDS/RDS-TMC concepts and protocols, and we'll show how to decode/encode such messages using a standard PC and cheap home-made electronics, with the intent of injecting information into the broadcast RDS-TMC stream and manipulating the information displayed by the satellite navigator.

We'll discover the obscure (but scary!) messages that can be broadcast (and that are not usually seen over legitimate RDS-TMC traffic), the limits of standard SatNav systems when flooded with unusual messages, and the role that RDS-TMC injection/jamming can play in social engineering attempts (hitmen in the audience will love this!).

In order to maximize the presentation we'll also demo the injection... hopefully at low power so that we won't piss off local radio broadcasts.

Duration: 1:06:47

Rohyt Belani & Keith Jones: Smoke 'em Out!

Tracing a malicious insider is hard; proving their guilt even harder. In this talk, we will discuss the challenges faced by digital investigators in solving electronic crime committed by knowledgeable insiders. These challenges will be presented in light of three real-world investigations conducted by the presenters. The focus of this talk will be on the technicalities of the attacks, the motivation of the attackers, and the response techniques used by the investigators to solve the respective crimes.

The first case is the high-profile U.S. v. Duronio trial, in which Keith Jones testified as the DoJ's computer forensics expert. Mr. Jones testified for over five days about how Mr. Duronio, a disgruntled employee, planted a logic bomb within UBS's network to render critical trading servers unusable. His testimony was key in the prosecution of the accused on charges of securities fraud and electronic crime. Mr. Jones will present the information as he did to the jury during this trial.

The second incident involved a recently fired employee at a large retail organization. The irked employee made his way from a store wireless network into the company's core credit card processing systems. The purpose of the attack was to malign the company's image by releasing the stolen data on the Internet.
We will discuss the anatomy of the "hack", the vulnerabilities exploited along the way, and our sleepless nights in Miami homing in on the attacker.

The final case presented will focus on the technicalities of web browser forensics and how it facilitated the uncovering of critical electronic evidence that incriminated a wrongdoer and, more importantly, freed an innocent systems administrator at a law firm from being terminated and facing the legal music.

The common thread in all these cases: a malicious insider!

Duration: 1:20:42

Yuriy Bulygin: Remote and Local Exploitation of Network Drivers

During 2006, vulnerabilities in wireless LAN drivers gained increasing attention in the security community. One can explain this by the fact that any hacker can take control over every vulnerable laptop of an entire enterprise, without any "visible" connection to those laptops, and execute malicious code in the kernel.

This work describes the process behind hunting remote and local vulnerabilities in wireless LAN drivers as well as in other types of network drivers. The first part of the work describes simple and much more advanced examples of remote execution vulnerabilities in wireless device drivers that should be considered during the quest for vulnerabilities. We demonstrate an example design of a kernel-mode payload on Windows and construct a simple wireless frame fuzzer. The second part of the work explains local privilege escalation vulnerabilities in the I/O Control device driver interface on Windows, and introduces a technique to uncover them and the IOCTLBO fuzzer implementing this technique.
Third part of the work describes specific examples of local vulnerabilities in network drivers that can be exploited remotely and introduces an exploitation technique. In the last part of the work we present case studies of remote and local vulnerabilities mitigated in Intel Centrino wireless LAN drivers. The work concludes discussing vulnerabilities in other types of network drivers. http://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html feedback@blackhat.com (Black Hat RSS Feed) Computers/Hacking/ 464420B7-D4BA-49CE-B884-13B49AE15F5D Mon, 9 Jan 2006 16:10:19 -0700 Remote and Local Exploitation of Network Drivers During 2006 vulnerabilities in wireless LAN drivers gained an increasing attention in security community. One can explain this by the fact that any hacker can take control over every vulnerable laptop of entire enterprise without any "visible" connection with those laptops and execute a malicious code in kernel. This work describes the process behind hunting remote and local vulnerabilities in wireless LAN drivers as well as in other types of network drivers. The first part of the work describes simple and much more advanced examples of remote execution vulnerabilities in wireless device drivers that should be considered during quest for vulnerabilities. We demonstrate an example design of kernel-mode payload on Windows and construct a simple wireless frames fuzzer. The second part of the work explains local privilege escalation vulnerabilities in I/O Control device driver interface on Windows, introduces a technique to uncover them and IOCTLBO fuzzer implementing this technique. Third part of the work describes specific examples of local vulnerabilities in network drivers that can be exploited remotely and introduces an exploitation technique. In the last part of the work we present case studies of remote and local vulnerabilities mitigated in Intel Centrino wireless LAN drivers. 
The work concludes discussing vulnerabilities in other types of network drivers. 1:14:40 Yoriy Bolygin Yoriy Bolygin ,Briefings and Training, Black Hat, BlackHat,hacking,hack,computer security, speeches, presentations, spoken word, video, audio no no Yoriy Bolygin: Remote and Local Exploitation of Network Drivers During 2006 vulnerabilities in wireless LAN drivers gained an increasing attention in security community. One can explain this by the fact that any hacker can take control over every vulnerable laptop of entire enterprise without any "visible" connection with those laptops and execute a malicious code in kernel. This work describes the process behind hunting remote and local vulnerabilities in wireless LAN drivers as well as in other types of network drivers. The first part of the work describes simple and much more advanced examples of remote execution vulnerabilities in wireless device drivers that should be considered during quest for vulnerabilities. We demonstrate an example design of kernel-mode payload on Windows and construct a simple wireless frames fuzzer. The second part of the work explains local privilege escalation vulnerabilities in I/O Control device driver interface on Windows, introduces a technique to uncover them and IOCTLBO fuzzer implementing this technique. Third part of the work describes specific examples of local vulnerabilities in network drivers that can be exploited remotely and introduces an exploitation technique. In the last part of the work we present case studies of remote and local vulnerabilities mitigated in Intel Centrino wireless LAN drivers. The work concludes discussing vulnerabilities in other types of network drivers. Yoriy Bolygin Black Hat / CMP Media, Inc. 
Damiano Bolzoni & Emmanuel Zambon: Sphinx: an anomaly-based Web Intrusion Detection System
We present Sphinx, a new fully anomaly-based Web Intrusion Detection System (WIDS). Sphinx has been implemented as an Apache module (like ModSecurity, the most deployed Web Application Firewall) and can therefore deal with SSL and POST data. Our system uses different techniques at the same time to improve detection and false positive rates. Being anomaly-based, Sphinx needs a training phase before the real detection can start: during the training, Sphinx "learns" automatically the type of each parameter inside user requests and applies the most suitable model to detect attacks. We define 3 basic types: numerical, short and long texts. The idea behind this is that, e.g., if we observe only integer values and later some text, that is likely to be an attack (e.g. SQL Injection or XSS).

For numerical parameters, a type checker is applied. For short texts (text with fixed length or slight variations), Sphinx uses a grammar checker: grammars are built observing the parameter content (during the training phase) and then used to check the similarity of new content during detection. Long texts are typically e-mail/forum messages, which often change their length and would produce infeasible grammars. For this kind of content we use a modified version of our NIDS POSEIDON, using n-gram analysis.

Furthermore, Sphinx can actively support the deployment of WAFs like ModSecurity: e.g. if we are deploying an ad hoc web application, most probably we need to spend a lot of time on writing signatures (or when 3rd parties' software is used). Once Sphinx accomplishes the training phase, it can automatically generate ModSecurity-style signatures for numerical and (some) short-text parameters, making the deployment much easier.
Running time: 1:03:39
Jamie Butler & Kris Kendall: Blackout: What Really Happened...
Malicious software authors use code injection techniques to avoid detection, bypass host-level security controls, thwart the efforts of human analysts, and make traditional memory forensics ineffective. Often a forensic examiner or incident response analyst may not know the weaknesses of the tools they are using or the advantage the attacker has over those tools by hiding in certain locations. This session provides a detailed exploration of code injection attacks and novel countermeasures, including:

1. The technical details of code injection starting with basic user land techniques and continuing through to the most advanced kernel injection techniques faced today.

2. Case study of captured malware that reveals how these techniques are used in real world situations.

3. Discussion of current memory forensic strengths and weaknesses.

4. New memory forensic analysis techniques for determining if a potential victim machine has been infected via code injection.

5. Post acquisition analysis.
Running time: 1:10:25
David Byrne: Intranet Invasion With Anti-DNS Pinning
Cross Site Scripting has received much attention over the last several years, although some of its more ominous implications have not received much attention. Anti-DNS pinning is a relatively new threat that, while not well understood by most security professionals, is far from theoretical. This presentation will focus on a live demonstration of anti-DNS pinning techniques. A victim web browser will be used to execute arbitrary, interactive HTTP requests to any server, completely bypassing perimeter firewalls.

This is NOT a Jickto knockoff. Jickto relies on using a proxy or caching site like Google to place both sites in the same domain. This does not allow for full interaction with dynamic pages, or any interaction with internal web sites. This demonstration allows full interaction with arbitrary web servers in the intranet environment. No browser bugs or plug-ins are required to accomplish this, only JavaScript.

The presenter will demonstrate an automated attack process that provides an HTTP proxy service for the attacker's browser after scanning the internal network for web servers. New requests are retrieved from the attack server by using the width and height of truncated images (only 66 bytes) as a covert channel. This bypasses the browser DOM's normal behavior of allowing data to be requested only from the server that provided the HTML.

Before demonstrating the tool, anti-DNS pinning will be explained in a way that anyone familiar with the basics of DNS and HTTP will understand. The presenter will describe the presentation environment and attack components, then walk through the steps in an attack. Once the foundation concepts have been established, the live demonstration will be performed.

Towards the end, the presentation will also briefly cover suggested defenses, including changing pinning behavior in browsers, better intranet security, gateway behavioral scanners, increased granularity for IE security zones, and introduction of security zones into Mozilla and other browsers.
Running time: 53:54
Stephan Chenette & Moti Joseph: Defeating Web Browser Heap Spray Attacks
At Black Hat Europe 2007 a talk was given titled "Heap Feng Shui in JavaScript". That presentation introduced a new technique for precise manipulation of the browser heap layout using specific sequences of JavaScript allocations. This allowed an attacker to set up the heap in any desired state and exploit difficult heap corruption vulnerabilities with more reliability and precision. Our talk is a defensive response to this new technique. We will begin with an overview of "in the wild" heap spray exploits and how we can catch them, as well as other zero-day exploits, using our exploit-detection module. We will give an overview of the analysis engine we have built that utilizes this module and we will demonstrate scanning and detection of a "live" website hosting a heap corruption vulnerability. The talk will focus on Internet Explorer exploitation, but the general technique presented is applicable to other browsers as well.
Running time: 35:27
Brian Chess, Jacob West, Sean Fay & Toshinari Kureha: Iron Chef Blackhat
Get ready for the code to fly as two masters compete to discover as many security vulnerabilities in a single application as possible. In the spirit of the Food Network's cult favorite show, Iron Chef, our Chairman will reveal the surprise ingredient (the code), and then let the challenger and the "Iron Hacker" face off in a frenetic security battle. The guest panel will judge the tools created and used to determine whose hack-fu will be victorious and who will be vanquished.

Remember, our testers have only one hour to complete their challenge and will only be able to use tools they themselves have created. Watch as the masters wield their own weapons. What will they concoct? Who will come out victorious? Which techniques will prove most effective in a high-pressure, every-minute-counts environment? Come and see for yourself!

Visit "Vulnerability Stadium" and watch a fierce battle. Our contestants will have upwards of five minutes to discuss their strategy before the battle begins. The show will be taped live with a studio audience and our co-hosts will provide running commentary, encourage the competitors and judge the results with the audience, based on originality of the created tool, presentation of the number of bugs, and creativity in using the tool when searching for vulnerabilities. So Black Hat attendees... with an open application and an empty exploit list, I say unto you in the words of my uncle: Hack This!
Running time: 57:41
Jim Christy: Meet the Feds
Discussion of the power of Digital Forensics today and the real-world challenges. Also discussed are the Defense Cyber Crime Center (DC3) and the triad of organizations that comprise DC3: the Defense Computer Forensics Lab, the Defense Cyber Crime Institute, and the Defense Cyber Investigations Training Academy. The evolving discipline of cyber crime investigations and the critical role law enforcement plays in a Network Centric Warfare environment. The accreditation process for a cyber forensics lab, the forensic processes, and capabilities.

This year, there will be two separate panels:
IA Panel: Information assurance, CERTS, first responder organizations from agencies including DC3, DHS, SOCOM, NSA, OSD, NDU, and GAO

LE Panel: Law enforcement, counterintelligence agencies including DC3, FBI, IRS, NCIS, NASA, DoJ, NWC3, US Postal IG, FLETC, and RCMP

Jim Christy is a recently (1 Dec 2006) retired special agent who specialized in cyber crime investigations and digital evidence for over 20 years, with 35 years of federal service. Jim is currently the Director of Futures Exploration for the Defense Cyber Crime Center (DC3) and was profiled in Wired Magazine in January 2007.

* Dir of Futures Exploration
* Dir the Defense Cyber Crime Institute
* R&D of digital forensic tools and processes
* T&Validation of tools, both hardware & software, used in an accredited digital forensics lab
* Dir of Ops for Defense Computer Forensics Lab
* LE/CI Liaison to OSD IA
* DoD Rep to President's Infrastructure Protection Task Force
* US Senate Investigator Perm Sub of Invest
* 11 years Dir of AF OSI Computer Crime Investigations

Running time: 1:13:48
Maria Cirino: Meet the VC's
Brad Stone, New York Times technology correspondent
Brad Stone joined the New York Times in December 2006. He covers Internet trends from the newspaper's San Francisco bureau. In addition to writing for the paper, he contributes to the Times technology blog, Bits.

From 1998 to November 2006, Stone served as the Silicon Valley Correspondent for Newsweek magazine, writing for the technology and business sections of the magazine and authoring a regular column, Plain Text, on our evolving digital lifestyles.

He joined the Newsweek writing staff in 1996 as a general assignment reporter and covered a wide range of subjects. He wrote about Mark McGwire's home run chase during the summer of 1998, the jury deliberations in the Timothy McVeigh trial, and profiled authors such as Kurt Vonnegut. He is also a frequent contributor to Wired magazine, and has written for publications such as More magazine and the Sunday Telegraph in London.

Brad graduated from Columbia University in 1993 and is originally from Cleveland, Ohio.

Patrick Chung, Partner, NEA
Patrick joined NEA as an Associate in 2004 and became Partner in 2007. Patrick focuses on venture growth equity, consumer, Internet, and mobile investments. He is a director of Loopt and Realtime Worlds, and is actively involved with 23andMe, Xoom and the firm's venture growth activities. Prior to joining NEA, Patrick helped to grow ZEFER, an Internet services firm (acquired by NEC), to more than $100 million in annual revenues and more than 700 people across six global offices. The company attracted over $100 million in venture capital financing. Prior to ZEFER, Patrick was with McKinsey & Company, where he specialized in hardware, software, and services companies. Patrick received a joint JD-MBA degree from Harvard Law School and Harvard Business School, where he was the only candidate in his year to earn honors at both. He also served as an Editor of the Harvard Law Review. Patrick was one of only nine Canadian citizens to be elected a Commonwealth Scholar to study at Oxford University, where he earned a Master of Science degree and won both class prizes for Best Dissertation and Best Overall Performance. Patrick earned his A.B. degree at Harvard University in Environmental Science. He is a member of the New York and Massachusetts bars.

Maria Cirino, Co-Founder and Managing Director, .406 Ventures
Maria is co-founder and managing director of .406 Ventures, a new VC firm focused on early stage investments in security, IT, and services. She serves as an active investor, director and/or chairman in one public company and four venture-backed companies including Verecode and Bit9. Maria brings 21 years of entrepreneurial, operating and senior management experience in venture-backed technology companies. Most recently, she served as an SVP of Verisign following its 2005 $142 million acquisition of Guardent, a Sequoia, Charles River Ventures and NEA-backed IT security company that she co-founded and led as CEO and Chairman. In this role, Maria received several industry honors and awards, including "Ernst & Young Entrepreneur of the Year in 2003." Prior to Guardent, Maria was Senior Vice President responsible for sales and marketing at i-Cube, an IT services company, which was acquired in 1999 by Razorfish for $1.8 billion. Prior to Razorfish, she was responsible for North American sales at Shiva, the category-creating network infrastructure company, from 1993 to 1997.

Mark McGovern, Tech Lead, In-Q-Tel
Mark McGovern leads the communications and infrastructure practice for In-Q-Tel, the strategic investment firm that supports the U.S. Intelligence Community. He has extensive experience developing, securing and deploying data systems. Prior to joining In-Q-Tel, Mr. McGovern was Director of Technology for Cigital Inc. He led Cigital's software security group and supported a Fortune 100 clientele that included Microsoft, MasterCard International, CitiBank, Symantec, CheckFree, the UK National Lottery and the Federal Reserve Banks of Richmond, New York and Boston. Earlier in his career, Mr. McGovern worked for the Central Intelligence Agency. Mr. McGovern holds a B.S. in Electrical Engineering from Worcester Polytechnic Institute and an M.S. in Systems Engineering from Virginia Polytechnic Institute.

Dov Yoran is a Partner at Security Growth Partners (SGP). Prior to joining SGP, Mr. Yoran was Vice President for Strategic Alliances at Solutionary, Inc., a leading Managed Security Services Provider. He was responsible for all partnerships, global channel revenue and marketing efforts.

Previously, at Symantec Corporation, Mr. Yoran managed the Services Partner Program, having global responsibility for creating, launching and managing the partner re-seller program. This program generated over 50% of Symantec Services revenue, with a partner base expanding across six continents.

Mr. Yoran came to Symantec as part of the Riptech, Inc. acquisition, in a $145 Million transaction that ranked in the top 2% of all technology mergers in 2002. Riptech was the leading managed security services firm that monitored and protected its client base on a 24x7 basis. At Riptech, he spearheaded the channel strategy, marketing and sales operations, growing the reseller program to over 50% of the company's revenue.

Prior to that, Mr. Yoran worked in several technology start-ups as well as Accenture (formerly Andersen Consulting), where he focused on technology and strategy engagements in the Financial Services Industry.

Mr. Yoran has also written and lectured on several Information Security topics. He holds a Master of Science in Engineering Management and System Engineering with a concentration in Information Security Management from the George Washington University and is a cum laude Bachelor of Science in Chemistry graduate from Tufts University.
Maria Cirino: Meet the VC's
2007 held numerous watershed events for the security industry. Innovation is needed and the money is there. Come to this session and meet the VCs actively investing in security, web, and mobile applications. Learn how VCs see the future, what they are looking for, and how best to utilize them to further your innovations. This session will conclude with an announcement about the Black Hat/DEFCON Open, a business plan competition focused on innovations in security; winners will be announced at Black Hat 2008 and DEFCON 16.
Duration: 1:07:57
http://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html

Robert W Clark: Computer and Internet Security Law - A Year in Review 2006 - 2007
This presentation reviews the important prosecutions, precedents and legal opinions of the last year that affect internet and computer security. We will discuss the differences between legal decisions from criminal cases and civil lawsuits and what that means to the security professional. Additionally, we look at topics such as: email retention and discovery; Hewlett-Packard; active response; nondisclosure and non-competition agreements; identity theft and notification issues; legal aspects of emerging technologies; lawsuits involving IT corporations (Google, Yahoo, Apple, Microsoft); and of course, the NSA surveillance litigation. As always, this presentation is strongly audience driven and it quickly becomes an open forum for questions and debate.
Duration: 1:01:09
http://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html

Richard A. Clarke: Keynote: A Story About Digital Security in 2017
To those who seek truth through science, even when the powerful try to suppress it.

Richard A. Clarke is a former U.S. government official who specialized in intelligence, cyber security and counter-terrorism. Until his retirement in January 2003, Mr. Clarke was a member of the Senior Executive Service. He served as an advisor to four U.S. presidents from 1973 to 2003: Ronald Reagan, George H.W. Bush, Bill Clinton and George W. Bush. Most notably, Clarke was the chief counter-terrorism adviser on the U.S. National Security Council for both the latter part of the Clinton Administration and the early part of the George W. Bush Administration, through the time of the 9/11 terrorist attacks.

Clarke came to widespread public attention for his role as counter-terrorism czar in the Clinton and Bush Administrations when, in March of 2004, he appeared on the 60 Minutes television news magazine, his memoir about his service in government, Against All Enemies, was released, and he testified before the 9/11 Commission. In all three instances, Clarke was sharply critical of the Bush Administration's attitude toward counter-terrorism before the 9/11 terrorist attacks and of the decision to go to war with Iraq.

Richard Clarke is currently Chairman of Good Harbor Consulting, a strategic planning and corporate risk management firm, an on-air consultant for ABC News, and a contributor to GoodHarborReport.com, an online community discussing homeland security, defense, and politics. He also recently published his first novel, The Scorpion's Gate, in 2005, and a second, Breakpoint, in 2007.
Duration: 44:50
http://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html

David Coffey & John Viega: Building an Effective Application Security Practice on a Shoestring Budget
Software companies inevitably produce insecure code. In 2006 alone, CERT recognized over 8,000 published vulnerabilities in applications. Attackers, previously occupied with the weaker operating systems, have moved on to easier targets: applications. What makes this situation worse is the weaponization of these exploits and the business drivers behind them. Some organizations struggle to deal with this trend and try to protect their products and customers. Other organizations have nothing in place, and need to create measures as soon as possible.

This talk will raise several issues that global enterprise organizations currently face with application security and how to overcome them in a cost-effective manner. Some of the issues that will be discussed are software development lifecycle integration, global policy and compliance issues, necessary developer awareness and automated tools, and accurate metrics collection and tracking to measure progress. Attendees will be introduced to best practices which have worked for McAfee and other large scale global enterprises, and be shown which practices to avoid. If you're only going to invest in a single activity to start, this talk will help you figure out what it should be, and how to measure its success.

David Coffey is the manager of product security at McAfee. At McAfee, David is responsible for assessing the current state of security of the products, development process, and architecture. David is also responsible for leading a geographically distributed team to provide guidance and education to McAfee employees on security measures, process and integration, as well as industry best practices.

David has been a professional in the technology field for over a decade, which has given him strong computer fundamentals; he is proficient in both NIX and Windows environments. Prior to joining McAfee, David spent several years working as either an employee or a consultant in financial institutions around the New York area. David later concentrated on architecting, developing and securing multi-tiered, high traffic, dynamic websites, with the largest one doing 92 million hits per day. David served as the sole Application Security Engineer in the 4th largest cable company in the US, performing duties ranging from code audits to architecting IDS deployments to assisting in securing network architectures. Most recently, David had the role of Principal Consultant at a security consulting company, managing the security process integration and adoption for a large financial institution which handles a little over 1 quadrillion dollars a year.

John Viega is Vice President and Chief Security Architect at McAfee, Inc. In this role he is responsible for McAfee Avert Labs' engineering efforts, including the anti-virus engine. In addition, Viega is also in charge of product security strategy, leading security audits of code, and helping to shape the technical directions for the product lines at McAfee. Viega is a well known security expert and cryptographer and has co-authored several books, including Building Secure Software, Secure Programming Cookbook, Network Security with OpenSSL and The 19 Deadly Sins of Software Security. Prior to joining McAfee, Viega was founder and chief technology officer at Secure Software.
Duration: 1:07:57
http://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html

Job De Haas: Side Channel Attacks (DPA) and Countermeasures for Embedded Systems
For 10 years Side Channel Analysis and its related attacks have been the primary focus in the field of smart cards. These cryptographic devices are built with the primary objective to resist tampering and guard secrets. Embedded systems in general have a much lower security profile. This talk explores the use and impact of Side Channel Analysis on embedded systems. These systems have their own specific need for security. This need can vary significantly between systems, and in addition a much wider range of attacks is possible. At the same time, different countermeasures are available to defend against Side Channel Analysis. The options for developers to mitigate the impact of such attacks will be examined.
Duration: 1:19:23
http://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html

Jared DeMott, Dr. Richard Enbody & Dr. Bill Punch: Revolutionizing the Field of Grey-box Attack Surface Testing with Evolutionary Fuzzing
Runtime code coverage analysis is feasible and useful when application source code is not available. An evolutionary test tool receiving such statistics can use that information as fitness for pools of sessions to actively learn the interface protocol. We call this activity grey-box fuzzing. We intend to show that, when applicable, grey-box fuzzing is more effective at finding bugs than RFC compliant or capture-replay mutation black-box tools. This research is focused on building a better/new breed of fuzzer, the impact of which is the discovery of difficult-to-find bugs in real world applications which are accessible (not theoretical).

We have successfully combined an evolutionary approach with a debugged target to get real-time grey-box code coverage (CC) fitness data. We build upon the existing test tool General Purpose Fuzzer (GPF) [8], and the existing reverse engineering and debugging framework PaiMei [10], to accomplish this. We call our new tool the Evolutionary Fuzzing System (EFS).

We have shown that it is possible for our system to learn the target's language (protocol) as target communication sessions become more fit over time. We have also shown that this technique works to find bugs in a real world application. Initial results are promising, though further testing is still underway.

This talk will explain EFS, describing its unique features, and present preliminary results for one test case. We will also discuss future research efforts.
Duration: 40:05
http://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html